fizzy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests user-generated content from the Fizzy API (cards, comments, descriptions that accept HTML/attachments) and explicitly tells agents to read response "breadcrumbs" (which include ready-to-run "cmd" strings) to discover and perform next actions, so untrusted third‑party content can influence tool use.